State Data Privacy Laws

A comprehensive guide to data privacy legislation across the United States

Understanding US State Data Privacy Laws

Data privacy legislation is rapidly evolving across the United States. While there is no comprehensive federal privacy law, many states have enacted their own legislation to protect consumer data rights. This page provides links to official state privacy laws and regulations.

20+
States with Privacy Laws
20+
States Considering Legislation
100M+
Americans Protected

Common Consumer Rights Across State Privacy Laws

Most state privacy laws grant consumers similar fundamental rights:

๐Ÿ‘๏ธ

Right to Know

What data is collected and how it's used

๐Ÿ—‘๏ธ

Right to Delete

Request deletion of personal data

โœ‹

Right to Opt-Out

Stop sale or sharing of data

โœ๏ธ

Right to Correct

Fix inaccurate personal information

๐Ÿ“ฆ

Right to Portability

Receive data in usable format

๐Ÿšซ

Non-Discrimination

No retaliation for exercising rights

State-by-State Data Privacy Laws Guide

Click on any state to view official legislation and resources

Last updated: March 21, 2026

โœ… States with Enacted Privacy Laws

California

Enacted
California Consumer Privacy Act (CCPA)

Effective: January 1, 2020

Comprehensive privacy law granting rights to access, delete, and opt-out of data sales.

View Official CCPA Page โ†’
California Privacy Rights Act (CPRA)

Effective: January 1, 2023

Expanded CCPA with additional rights and enforcement by the California Privacy Protection Agency.

View CPPA Website โ†’

Virginia

Enacted
Virginia Consumer Data Protection Act (VCDPA)

Effective: January 1, 2023

Provides rights to access, correct, delete, and opt-out of targeted advertising and data sales.

View Virginia Code ยง59.1-571 et seq. โ†’

Colorado

Enacted
Colorado Privacy Act (CPA)

Effective: July 1, 2023

Grants consumers rights to access, correct, delete, and opt-out of data processing.

View Colorado AG Resources โ†’

Connecticut

Enacted
Connecticut Data Privacy Act (CTDPA)

Effective: July 1, 2023

Provides consumer rights to access, correct, delete, and opt-out of data processing.

View Connecticut AG Page โ†’

Utah

Enacted
Utah Consumer Privacy Act (UCPA)

Effective: December 31, 2023

Grants rights to access, delete, and opt-out of data sales and targeted advertising.

View Utah SB 227 โ†’

Washington

Enacted Health Data
My Health My Data Act (MHMDA)

Effective: March 31, 2024

One of the nation's strictest health privacy laws, impacting any entity collecting consumer health data in WA.

Expert Insight: I specialize in the "Right to Deletion" workflows required by MHMDA, ensuring that revokes of consent are technically enforced across distributed cloud environments (AWS/Azure).

View RCW 19.373 โ†’ Washington MHMDA Engineering Protocols โ†’
Biometric Identifiers Law

Effective: July 23, 2017

Requires notice and consent for collection of biometric identifiers for commercial purposes.

View RCW 19.375 โ†’
Data Breach Notification Law

Effective: July 24, 2015

Requires notification to residents and Attorney General after data breaches.

View RCW 19.255 โ†’

Montana

Enacted
Montana Consumer Data Privacy Act (MCDPA)

Effective: October 1, 2024

Provides consumer rights to access, correct, delete, and opt-out of data processing.

View Montana SB 384 โ†’

Oregon

Enacted
Oregon Consumer Privacy Act (OCPA)

Effective: July 1, 2024

Grants rights to access, correct, delete, and opt-out of data sales and targeted advertising. 2025 amendment: Prohibits sale of personal data for consumers under 16 and precise geolocation within 1,750 feet.

View Oregon SB 619 โ†’

Texas

Enacted
Texas Data Privacy and Security Act (TDPSA)

Effective: July 1, 2024

Provides consumer rights to access, correct, delete, and opt-out of targeted advertising.

View Texas HB 4 โ†’

Delaware

Enacted
Delaware Personal Data Privacy Act (DPDPA)

Effective: January 1, 2025

Grants consumer rights to access, correct, delete, and opt-out of data processing.

View Delaware HB 154 โ†’

Iowa

Enacted
Iowa Consumer Data Protection Act

Effective: January 1, 2025

Provides rights to access, delete, and opt-out of targeted advertising and data sales.

View Iowa SF 262 โ†’

Indiana

Enacted
Indiana Consumer Data Protection Act

Effective: January 1, 2026

Grants consumer rights to access, correct, delete, and opt-out of data processing.

View Indiana SB 5 โ†’

Kentucky

Enacted
Kentucky Consumer Data Protection Act (KCDPA)

Effective: January 1, 2026

Grants consumer rights to access, correct, delete, and opt-out of targeted advertising and data sales. Applies to controllers processing 100,000+ Kentucky consumers or 25,000+ when deriving 50%+ revenue from data sales.

View Kentucky HB 15 โ†’

Rhode Island

Enacted
Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

Effective: January 1, 2026

Grants consumer rights to access, correct, delete, and opt-out of data processing. Notably low thresholds: 35,000 consumers, or 10,000 if 20%+ revenue from data sales.

View Rhode Island HB 7787 โ†’

Tennessee

Enacted
Tennessee Information Protection Act (TIPA)

Effective: July 1, 2025

Provides consumer rights to access, correct, delete, and opt-out of data processing.

View Tennessee HB 1181 โ†’

Nevada

Enacted
Nevada Privacy Law (SB 220)

Effective: October 1, 2019

Allows consumers to opt-out of the sale of their personal information.

View Nevada SB 220 โ†’

Florida

Enacted
Florida Digital Bill of Rights (FDBR)

Effective: July 1, 2024

Comprehensive privacy law granting rights to access, correct, delete, and opt-out of data sales and targeted advertising.

View Florida Statutes Ch. 501 ยง701 โ†’

โณ States with Pending or Proposed Legislation

Washington (Additional)

Proposed
People's Privacy Act

Status: Proposed 2025

Comprehensive privacy bill with strong consumer rights, data minimization, and private right of action.

View Washington Legislature โ†’

New York

Pending
New York Privacy Act

Status: Under Consideration

Proposed comprehensive privacy law with strong consumer rights and data fiduciary duties.

View NY Senate Bill โ†’

Massachusetts

Pending
Massachusetts Data Privacy Act

Status: Under Consideration

Proposed legislation providing comprehensive consumer data rights.

View MA Legislature โ†’

Illinois

Enacted (Biometric)
Biometric Information Privacy Act (BIPA)

Effective: October 3, 2008

One of the strongest biometric privacy laws in the US, with private right of action.

View Illinois BIPA โ†’

๐Ÿ“‹ Other Notable State Privacy Protections

Many states have sector-specific privacy laws or data breach notification requirements:

All 50 States + DC

Have data breach notification laws requiring companies to notify residents of security breaches.

Arkansas, Texas, Washington

Have biometric data privacy laws requiring consent for collection.

Maine

Internet Service Provider privacy law requiring opt-in for sensitive data.

Vermont

Data broker registration law requiring registration and security standards.

Federal Privacy Resources

While there's no comprehensive federal privacy law, these agencies provide guidance:

Federal Trade Commission (FTC)

Enforces consumer protection laws and provides privacy guidance

Visit FTC Privacy โ†’

Health & Human Services (HHS)

Enforces HIPAA privacy and security rules for health information

Visit HHS HIPAA โ†’

Consumer Financial Protection Bureau (CFPB)

Protects consumer financial data and privacy

Visit CFPB โ†’

How Your Data Health Ensures Compliance

Your Data Health monitors and complies with all applicable state privacy laws where our members reside:

โœ…

Multi-State Compliance

Our platform is designed to comply with the strictest state privacy laws, ensuring protection for all members.

๐Ÿ”„

Continuous Monitoring

Your Data Health tracks new legislation and updates its practices to stay compliant with emerging state laws.

๐Ÿ›ก๏ธ

Your Rights Protected

Your Data Health honors all consumer rights including access, deletion, correction, and opt-out across all states.

๐Ÿ“œ

Transparent Policies

Clear privacy notices and consent mechanisms that meet or exceed state requirements.

Questions About Your State's Privacy Laws?

Contact me to learn how your data is protected under your state's legislation.

Book Free Intro

Ready to Take Control?

Enterprise compliance auditing for FHIR, MHMDA, and state privacy standards.

Audit My Pipelines